Georgia Tech Launches Malware Intelligence Project

Georgia Tech Research Institute researchers examine analytics data from their new Titan malware intelligence system. From left: research scientists Andrew Howard (seated), Christopher Smoak, and graduate research assistant George Macon.

Credit: Georgia Tech Research Institute

Got malware?

If so, researchers at the Georgia Tech Research Institute (GTRI) are inviting government agencies and corporations to become members of their new Titan malware analysis and threat intelligence project, now in its sixth month of beta testing and expected to launch sometime before summer’s end.

Titan grew out of an earlier GTRI project known as MTrace, an automated malware analysis system that uncovers certain characteristics of each malware sample and aggregates the information into a malware intelligence database.

At the heart of Titan is one of the few nonprofit malware repositories in existence, according to Andrew Howard, one of the two research scientists spearheading the project.

The repository currently holds about 20 million malware samples and is growing by 100,000 unique samples daily.

“Initially our goal was simply to do very rapid, efficient malware analysis,” Howard says. It takes Titan just minutes from when a sample is received to completion of its automated routine, determining, for example, what the malware looks like; what ports, protocols, and registry keys it uses; what language it is written in; whether it has ever been spotted before; whether there is an antivirus signature for it; and so on.

“But it quickly became apparent to us, because we have all this malware, that we have the capability to provide information organizations will find very valuable from a defensive point of view,” he says. “And so, what we’re doing now in addition to analysis is intelligence gathering and trending about what are the current threats.”

Also, depending on the “privacy setting” of the members, the information submitted to Titan can become available to other members who are then able to use it for their own cyberdefense.

Currently there are just 10 members, all of which are Fortune 100 companies. But that number is expected to grow rapidly “when we open the floodgates in the next month or two,” says research scientist Christopher Smoak.

“Until then, we are still a bit in stealth mode as you can see from our Web page. We don’t want to reveal too much as yet about what we’re doing or how we’re doing it just to avoid becoming a target for the malware bad guys. But I would encourage anyone who’s interested in joining Titan to e-mail us and we can set up a phone conversation.”

Once they become members, organizations are able to submit malware samples 24/7 via Titan’s Web page or by using an external API that enables them to easily upload malware automatically. Since Titan is funded by Georgia Tech’s research dollars, members will eventually be asked to pay a nominal fee to grow the project, possibly a few thousand dollars annually.

Today the team’s biggest challenge is convincing organizations, many of which are secretive about their malware experiences, to sign on.

“Some are willing to talk to us because we are part of academia, we’re a nonprofit, and have no chips in the game,” says Howard. “But others are unwilling to air their dirty laundry, so to speak, with competitors or customers. Some seem to be more afraid of the so-called stigma of having encountered malware, of losing the trust of their customers if it is learned they’d become infected, than they are about losing data to hackers.”

Which is why, so far, all of Titan’s members have insisted on anonymity.

“It would be easier to attract new members if we could reveal who is onboard already,” says Howard. “But, unfortunately, that’s not currently an option.”

Paul Hyman is a science and technology writer based in Great Neck, NY.